fix(admin): block /admin/login redirect loop for non-admin users #447
Merged
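Fixes an infinite loop in which, on the automatic move to /admin triggered by the INITIAL_SESSION event, a holder of a non-admin session gets caught between that move and the proxy.ts → /admin/login redirect.
- Add isAdmin to the /api/auth/session POST response (checkIsAdmin is called on the server)
- /admin/login page: branch on isAdmin at SIGNED_IN; a non-admin gets signOut + session cookie deletion, then an error message is shown. The INITIAL_SESSION branch is removed (proxy.ts already handles this by bouncing admin-authenticated users to /admin)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>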
Summary
- Block the infinite redirect loop between /admin ↔ /admin/login
- (The fix written on feature/374-seaorm-integration-epic-plan is sent through the proper dev → main flow)

Changes
- app/api/auth/session/route.ts: add an isAdmin field to the POST response (checkIsAdmin is called on the server).
- app/admin/login/page.tsx:
  - Remove the INITIAL_SESSION branch: when a non-admin entered /admin/login, the structure produced an INITIAL_SESSION → /admin → proxy → /admin/login → INITIAL_SESSION loop.
  - isAdmin branch: a non-admin is immediately signed out and shown an error.

Test plan
- bun run lint (web) passes
- bun run typecheck (web) passes
- /admin is entered normally
- Verify that own is_admin = true in the users table (user)

Context
dev already partially includes the redirect-loop stabilization fixes (b95bc077, d74b8098, 3d56da77, proxy.ts admin bounce). This PR fills in the last missing piece (5037b58b) so that it flows through to main.

🤖 Generated with Claude Code
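
The loop described in this PR can be reproduced with a small model of the login page and the proxy. This is an added example, not code from the PR: every type and function name is hypothetical, and the proxy is reduced to the two redirects the description mentions.

```typescript
type UserSession = { signedIn: boolean; isAdmin: boolean };
type AuthEvent = "INITIAL_SESSION" | "SIGNED_IN";
type LoginHandler = (e: AuthEvent, s: UserSession) => string | null;
type NavOutcome = { path: string; hops: number; looped: boolean; signedIn: boolean };

const MAX_HOPS = 10; // stand-in for the browser's redirect limit

// Proxy rules as the PR describes them: a non-admin requesting /admin is sent
// to /admin/login, and an authenticated admin on /admin/login goes to /admin.
function proxyRedirect(path: string, s: UserSession): string {
  const admin = s.signedIn && s.isAdmin;
  if (path === "/admin" && !admin) return "/admin/login";
  if (path === "/admin/login" && admin) return "/admin";
  return path;
}

// Before the fix: any existing session on the login page is pushed to /admin.
const loginBefore: LoginHandler = (_e, s) => (s.signedIn ? "/admin" : null);

// After the fix: INITIAL_SESSION is ignored; SIGNED_IN branches on the
// server-computed isAdmin, and a non-admin is signed out on the spot.
const loginAfter: LoginHandler = (e, s) => {
  if (e !== "SIGNED_IN") return null;
  if (s.isAdmin) return "/admin";
  s.signedIn = false; // models signOut + session cookie deletion
  return null;
};

// Fire `first` on an already-loaded /admin/login and follow the navigations.
function simulate(page: LoginHandler, first: AuthEvent, start: UserSession): NavOutcome {
  const s: UserSession = { ...start }; // work on a copy of the constructed input
  let event: AuthEvent = first;
  for (let hops = 0; hops < MAX_HOPS; hops++) {
    const next = page(event, s);
    if (next === null) return { path: "/admin/login", hops, looped: false, signedIn: s.signedIn };
    const path = proxyRedirect(next, s);
    if (path !== "/admin/login") return { path, hops: hops + 1, looped: false, signedIn: s.signedIn };
    event = "INITIAL_SESSION"; // the reloaded login page fires this again
  }
  return { path: "/admin/login", hops: MAX_HOPS, looped: true, signedIn: s.signedIn };
}
```

In this model the isAdmin branch only decides what the login page does next; access to /admin is still decided by the proxy rule.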